My normal user is in group 'wheel' (10) and also group '1000', which perhaps is the group 'users'?

I don't remember how I put 'elle' in the 'wheel' group. I just installed sudo today (about 5 minutes ago) so it isn't set up at all.

The problem that I'm trying to solve is that somehow I accidentally hit "delete" or maybe "trash" after having selected a bunch of image files using digiKam. In any event, the files were deleted (I don't have "trash" set up). Fortunately I have backups. But those files were "read only" so I didn't think digiKam could delete them, never even occurred to me to ask the question. I guess I was wrong.

So I'm trying to figure out how to ensure that digiKam (or any other program) can't delete my image files (not all image files, just the originals, which are all in folders with the same top directory). But digiKam and exiftool both need to be able to write to sidecar files. My thought was to give ownership of the image files to root, but that didn't work. And probably that's not a good idea anyway, as exiftool (but not digiKam, digiKam is set up to only write to a sidecar file, which exiftool reads and then writes to the image file) needs write access to the images.

Changing the folder owner and group to root does make it not possible to delete a root-owned file as 'elle' (and probably also files not owned by root?), but then what about ability to write to the non-root files in the folder? (I haven't experimented yet)

So is there any way to keep digiKam (and every other person and program, except root) from deleting image files in a folder (say all files ending with .jpg or .cr2 or .tif), and still allow digikam and exiftool to write new files (say files ending with .xmp) to the directory?

I've been searching the internet, similar questions asked a lot, but the answers are not very clear to me.

Directory permissions are rwx, for each of three groups.
rw do what you expect, allow read or write access. x allows the group members to cd to the directory. Well, executing a directory is not useful.
Write access is required to change the directory.

The three groups are owner:group:world.

If you can work out a way to set the permissions rwxr-x--- and come up with suitable owner and groups, then yes.
You may need to make more users and more groups to accomplish this. Many more users and groups is messy. In that case you may want to move to access control lists (ACL), which provide much finer grained access control. I've never needed ACLs._________________Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

ACLs allow finer grained permission control within the existing permissions structure. For instance, you could grant write access to more than one group to a file or directory. What you can't do with ACLs is invent new permissions, such as "disallow delete", which only exists under very special conditions in the standard *nix filesystem model. You just can't set up a set of permissions that allows the creation of a file, writing to that file, but once closed, no longer allows write or delete.

However, there's a work-around. To elaborate on what NeddySeagoon has suggested, here is a set of steps that will accomplish mostly what you want:

Create a directory for your photo manipulation. I'll call it Photos.

Code:

~ $ mkdir Photos

Create a new user and group called (for instance) archival.

Code:

sudo useradd -M archival

Change the ownership and group of the Photos directory to "archival".

Code:

sudo chown archival:archival Photos

Change the permissions of the Photos directory to allow any user to write to the directory and (this is the critical part) add the sticky bit. (See "RESTRICTED DELETION FLAG" in the chown man page).

Code:

sudo chmod o+w,t Photos

You can make any files in this directory as a regular user. Let's prove it.

The one downside of this technique is that you need (at least temporary) root privileges to change the ownership of a file. (You need root privileges to set up the scheme, too, but that's not as big of a downside.)

Hope this helps, at least a little.

- John_________________I can confirm that I have received between 0 and 499 National Security Letters.

At this point the user 'archival' and the normal user ('elle', in my case) can both create and subsequently modify new files in any subdirectory of the directory "originals", with each user owning all files created by that user. And anyone can read files belonging to archival and elle.

But neither elle nor digikam can modify or delete the image files, which belong to archival. But archival can modify and delete any file, regardless of the owner.

The only problem now would be if 'elle' inadvertently su'ed to being 'archival' (or root) and then started digiKam, as for example from the command line. Hopefully elle won't be that unobservant! But is there any way to keep user 'archival' from starting digiKam? Something like this?

Code:

groupadd digikam
useradd -G digikam elle
some comamnd that only letting members of group digikam start the executable /usr/bin/digikam

Thank you all very much. I doubt very much whether I could have figured this out on my own (and hopefully the code lines I wrote are correct in case some other person reads this post with a similar question).